Mambu's SaaS banking engine lives up to the high banking security standards and is compliant with common industry requirements, verified and assured by an external certification body.

Reporting Security Issues

To report any security issues, please contact us at security@mambu.com and encrypt your email with a Public GPG key.
Our security team will respond as quickly as possible. We kindly ask you to not publicly disclose any security issue until it has been addressed by Mambu.


Certified Security Practices

Mambu maintains an Information Security Management System (ISMS) according to ISO/IEC 27001, the de facto standard in information security, to proactively manage information security risks and review the effectiveness of our technical and organizational controls via internal and external audits.


AWS Financial Services Partner

Mambu is a member of the AWS Partner Network in the Financial Services Competency program. As such, Mambu was audited by AWS through the AWS Well-Architected Program to ensure Mambu follows security best practices like encryption in transit and at rest, identity and access management, and many others available on the AWS platform.

Built Upon Secure Infrastructure

Customer data is processed in state-of-the-art AWS data centers, assured by a large number of related certifications, providing confidence to run regulated workloads.

Approved by Regulators

Financial regulators across many regions have approved the outsourcing of regulated financial workloads to Mambu.


Respecting Data Privacy

The Mambu platform allows customers to be GDPR compliant by providing relevant features to comply with data subject rights. Mambu offers customers a data processing agreement and ensures personal data doesn't leave the customer's jurisdiction or provides assurances of adequate data protection outside of the customer's jurisdiction.

Complete Audit Rights

Mambu ensures customers and regulators can execute their supervisory function and have effective audit rights to Mambu’s business premises, processes and supply chain.

Isolation & Control

Customers can choose to have a dedicated Mambu deployment that is not shared with other Mambu customers, giving further control over the environment and increasing the isolation required by financial regulators.

SLAs and Business Continuity

Mambu offers SLAs for uptime and resolution times on customer inquiries. Our disaster recovery procedures and business continuity plans are regularly tested. The Mambu SaaS solution is cloud-agnostic and has no lock-in to any specific cloud vendor.


Open Platform

The Mambu platform provides APIs to implement the PSD2 regulation, allowing financial institutions to give third-party vendors access to end customer data.

Security Built-In

Security is embedded in all stages of the software development lifecycle (SDLC) at Mambu, from requirements engineering, programming and QA to deployment, monitoring, alerting and incident management.

External Penetration Tests

Mambu performs continuous internal security tests. These tests are further backed by external penetration tests from security researchers multiple times per year. Penetration tests cover network security aspects as well as common web application vulnerabilities as referenced in the OWASP Top 10 project.

Openness & Transparency

Mambu’s APIs and Data Dictionary are publicly available. Furthermore, customers can automate backup retrieval at any time. If you’re interested in detailed security assurance and compliance information, please contact us.

Data Leakage & Loss Prevention

Mambu applies principles like security-in-depth, need-to-know and least-privilege to reduce the chance of data leakage or loss by internal or external threats using different preventive, detective and mitigative controls.

Incident Response Management

In the case of a (security) incident, Mambu is prepared with regularly tested incident response plans and 24/7 on-call staff to react immediately and appropriately.